Re: [PATCH 1/1] Centralize dependencies on the auth unit.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Steve Dickson <SteveD@redhat.com>
To: Simo Sorce <simo@redhat.com>
Cc: linux-nfs@vger.kernel.org
Subject: Re: [PATCH 1/1] Centralize dependencies on the auth unit.
Date: Thu, 02 Oct 2014 15:27:28 -0400	[thread overview]
Message-ID: <542DA720.5020002@RedHat.com> (raw)
In-Reply-To: <1412091888-32220-1-git-send-email-simo@redhat.com>



On 09/30/2014 11:44 AM, Simo Sorce wrote:
> With this patch either gssproxy or rpc.svcgssd are started only if the
> auth module is requested, and it finds a keytab.
> If the wants are in the main nfs-client or nfs-server unit files then
> the two deamons are started unconditionally and would require
> conditions which we can test once and for all in a single unit file
> instead.
> 
> Change also Before and After statments accordingly to properly
> serialize loading modules and starting daemons in 3 steps
> 1. load kernel GSS auth module
> 2. start GSS handling daemons
> 3. start NFS client/server daemons
> 
> Signed-off-by: Simo Sorce <simo@redhat.com>
I begrudgingly commit this because when gssproxy is install
the NFS client will *always* start it, which is
a bug in gssproxy... IMHO... If a daemon is not needed
it shouldn't start up... similar to how the gss daemons work.

steved.



> ---
>  systemd/auth-rpcgss-module.service | 3 ++-
>  systemd/nfs-client.target          | 7 +++++--
>  systemd/nfs-server.service         | 8 +++++---
>  3 files changed, 12 insertions(+), 6 deletions(-)
> 
> diff --git a/systemd/auth-rpcgss-module.service b/systemd/auth-rpcgss-module.service
> index 3fc2f4ac924f7e9d6e24969bb9a21d88a5c144fc..0355e13e009528632e97373332db9fa3acdfd1a9 100644
> --- a/systemd/auth-rpcgss-module.service
> +++ b/systemd/auth-rpcgss-module.service
> @@ -6,7 +6,8 @@
>  # unit will fail.  But that's OK.)
>  [Unit]
>  Description=Kernel Module supporting RPCSEC_GSS
> -Before=gssproxy.service rpc-svcgssd.service
> +Before=gssproxy.service rpc-svcgssd.service rpc-gssd.service
> +Wants=gssproxy.service rpc-svcgssd.service rpc-gssd.service
>  ConditionPathExists=/etc/krb5.keytab
>  
>  [Service]
> diff --git a/systemd/nfs-client.target b/systemd/nfs-client.target
> index 87a1ce8cec8f39c810c9c67325161de3e6a1db47..9b792a363e14c88ecaf8e45b7a3deadb97b3acac 100644
> --- a/systemd/nfs-client.target
> +++ b/systemd/nfs-client.target
> @@ -5,9 +5,12 @@ Wants=remote-fs-pre.target
>  
>  # Note: we don't "Wants=rpc-statd.service" as "mount.nfs" will arrange to
>  # start that on demand if needed.
> -Wants=rpc-gssd.service rpc-svcgssd.service auth-rpcgss-module.service
>  Wants=nfs-blkmap.service rpc-statd-notify.service
> -After=rpc-gssd.service rpc-svcgssd.service nfs-blkmap.service
> +After=nfs-blkmap.service
> +
> +# GSS services dependencies and ordering
> +Wants=auth-rpcgss-module.service
> +After=rpc-gssd.service rpc-svcgssd.service gssproxy.service
>  
>  [Install]
>  WantedBy=multi-user.target
> diff --git a/systemd/nfs-server.service b/systemd/nfs-server.service
> index 1048c5cbbf68328a8ac8c88b67e477061cf487c7..8010aadc487005cf7f1d1774fb237457a06a5d51 100644
> --- a/systemd/nfs-server.service
> +++ b/systemd/nfs-server.service
> @@ -2,15 +2,17 @@
>  Description=NFS server and services
>  Requires= network.target proc-fs-nfsd.mount rpcbind.target
>  Requires= nfs-mountd.service
> -Wants=rpc-statd.service nfs-idmapd.service auth-rpcgss-module.service
> -Wants=rpc-gssd.service gssproxy.service rpc-svcgssd.service
> +Wants=rpc-statd.service nfs-idmapd.service
>  Wants=rpc-statd-notify.service
>  
>  After= network.target proc-fs-nfsd.mount rpcbind.target nfs-mountd.service
>  After= nfs-idmapd.service rpc-statd.service
> -After= rpc-gssd.service gssproxy.service rpc-svcgssd.service
>  Before= rpc-statd-notify.service
>  
> +# GSS services dependencies and ordering
> +Wants=auth-rpcgss-module.service
> +After=rpc-gssd.service gssproxy.service rpc-svcgssd.service
> +
>  Wants=nfs-config.service
>  After=nfs-config.service
>  
>

next prev parent reply	other threads:[~2014-10-02 19:27 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <542AC20B.9040509@redhat.com>
2014-09-30 15:44 ` [PATCH 1/1] Centralize dependencies on the auth unit Simo Sorce
2014-10-02 19:27   ` Steve Dickson [this message]
2014-10-02 20:08     ` Simo Sorce

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=542DA720.5020002@RedHat.com \
    --to=steved@redhat.com \
    --cc=linux-nfs@vger.kernel.org \
    --cc=simo@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.